{% if ansible_distribution == "Altlinux"  %}
[sssd]
config_file_version = 2
services = nss, pam
user = _sssd
domains = OKB3.LOCAL
[nss]

[pam]
offline_credentials_expiration = 3
[domain/OKB3.LOCAL]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
debug_level = 0
cache_credentials = true
ad_gpo_ignore_unreadable = true
ad_gpo_access_control = permissive
ad_update_samba_machine_account_password = true
{% else %}
[sssd]
domains = okb3.local
config_file_version = 2
services = nss, pam, ifp

[ifp]
allowed_uids = 0, 33, 114, 999

[pam]
offline_credentials_expiration = 3

[domain/okb3.local]
krb5_ccname_template = FILE:%d/krb5cc_%U
ad_gpo_access_control = permissive
ad_domain = okb3.local
krb5_realm = OKB3.LOCAL
realmd_tags = manages-system joined-with-adcli 
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
krb5_lifetime = 5d
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/OKB3/%u
access_provider = ad
{% endif %}
